Job description

What You'll Do - Work as part of a team assessing the security and compliance of client firms against regulatory and industry requirements and standards, and against security best practice frameworks. The Associate will partner closely with experienced Project Leads and be assigned specific technical segments to provide client-ready deliverables. - Facilitate security assessments and possibly other audit activites within a majority of cloud-based environments. To succeed in this position, the Associate will need a strong understanding of technical system security controls and an understanding of the various testing methods utilized to ascertain the effectiveness of those controls. - Works closely with senior members to support audit preparation and document assessments against prescribed sets of criteria - Execute, examine, interview, and test procedures in accordance with the proper control or compliance system - Ensure cybersecurity policies are adhered to an that required controls are implemented - Validate respective information system security plans to ensure that appropriate control requirements are met - Take charge of identifying information sources, gathering and interpreting data, and ensuring diligent and accurate data and note capturing of customer interviews - Pursues and corroborates conclusions derived from inquiry procedures - Proactively drafts and documents audit planning and reporting material for peer review at appropriate milestones throughout the engagement lifecycle - Adheres to pre-defined project timelines and communicates possible changes to the schedule or scope of work - Understands how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each deliverable - Provide advice to the client on various matters related to the assessment/audit and effectively requests or communicates technical requirements to a non-technical audience - Support and maintain positive collaborative relationships with clients and stakeholders - Maintain industry expertise by studying for and achieving industry recognized certifications What You'll Bring - Strong written and verbal communication skills including the ability to explain security controls to a non-technical audience - Strong personal initiative to appropriately manage time and meet deadlines - High attention to detail and quality - Computer and typing skills that permit rapid data collection and note taking - Ability to participate and support meetings to small or large groups - Public speaking and emerging executive presence - Inquisitive and curious nature with the ability to effectively probe for deeper information - Diplomatic and broad minded - Strong technical researcher - Bachelor's degree (four-year college or university) or equivalent combination of education and work experience. Degree preferably in Information Systems or Business. Bonus Points - An introductory understanding of IT security technologies including cloud architecture and application security, firewalls, access management, and data protection - Educational or work experience involving IT Security and/or IT Audit principles - Experience as an IT Consultant, IT auditor, Business Analyst, or similar role - Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform) - At least one information security certification, such as CCSK or CompTIA Security+ (or willing to obtain one of these certifications) - Amazon Web Services (AWS) Certified Cloud Practitioner certification

Requirements